mysql: temporarily removing the root password

It's year 2010, yet there are softwares around that still expect that a database shouldn't have a root password set when you connect from localhost… And I have to install one of such softwares.

So, what to do? Well, let's assume that your mysql has a root password 'somepass'. You need to wipe it, install the software and then set it again. Luckily, that's simple:

mysql -u root mysql

type in your root password and get a

mysql>

prompt. Then:

UPDATE user SET Password='' where USER='root';
FLUSH PRIVILEGES ;

Leave this window open without exiting mysql, since you'll need it in a few minutes. Now go and install that crappy software. Once finished go back to the mysql window and:

UPDATE user SET Password=PASSWORD('somepass') where USER='root';
FLUSH PRIVILEGES ;

Is this safe/secure? No, it isn't, since you are exposing your DB to a "race condition" (someone that is able to log into your machine could just make a mess of your data, or grant himself full access to the database while you are installing your software). If you need to do this securely you should either patch the crappy software and make it sane about root access to the DB, or go to the console, unplug the network cable and reboot the machine in single user mode. Your call 🙂

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s